PyPI - java-dependency-analyzer - Versions diffs - 1.0.0__tar.gz → 1.0.1__tar.gz - Mend

java-dependency-analyzer 1.0.0tar.gz → 1.0.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: java-dependency-analyzer
-Version: 1.0.0
+Version: 1.0.1
 Summary: Java Dependency Analyzer is a tool that inspects dependencies.
 Author: Ron Webb
 Author-email: ron@ronella.xyz
@@ -15,7 +15,7 @@ Requires-Dist: lxml (>=6.0.2,<7.0.0)
 Requires-Dist: python-dotenv (>=1.2.2,<2.0.0)
 Description-Content-Type: text/markdown
-# Java Dependency Analyzer 1.0.0
+# Java Dependency Analyzer 1.0.1
 > A Python CLI tool that inspects Java dependency hierarchies in Maven and Gradle projects and reports known vulnerabilities.
@@ -185,6 +185,29 @@ poetry run black java_dependency_analyzer
 poetry run pylint java_dependency_analyzer
 ```
+## Publishing to PyPI
+### Prerequisites
+- A [PyPI](https://pypi.org/) account with an API token.
+### Configure the token
+```bash
+poetry config pypi-token.pypi <your-token>
+```
+### Build and publish
+```bash
+poetry publish --build
+```
+This builds the source distribution and wheel, then uploads them to PyPI in one step.
+> **Note:** PyPI releases are immutable. Once a version is published, it cannot be overwritten.
+> To fix a mistake, yank the release via the PyPI web UI and publish a new version.
 ## [Changelog](CHANGELOG.md)
 ## Author

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/README.md RENAMED Viewed

@@ -1,4 +1,4 @@
-# Java Dependency Analyzer 1.0.0
+# Java Dependency Analyzer 1.0.1
 > A Python CLI tool that inspects Java dependency hierarchies in Maven and Gradle projects and reports known vulnerabilities.
@@ -168,6 +168,29 @@ poetry run black java_dependency_analyzer
 poetry run pylint java_dependency_analyzer
 ```
+## Publishing to PyPI
+### Prerequisites
+- A [PyPI](https://pypi.org/) account with an API token.
+### Configure the token
+```bash
+poetry config pypi-token.pypi <your-token>
+```
+### Build and publish
+```bash
+poetry publish --build
+```
+This builds the source distribution and wheel, then uploads them to PyPI in one step.
+> **Note:** PyPI releases are immutable. Once a version is published, it cannot be overwritten.
+> To fix a mistake, yank the release via the PyPI web UI and publish a new version.
 ## [Changelog](CHANGELOG.md)
 ## Author

java_dependency_analyzer-1.0.1/java_dependency_analyzer/__init__.py ADDED Viewed

@@ -0,0 +1,18 @@
+"""
+java_dependency_analyzer package.
+Java Dependency Analyzer is a tool that inspects dependencies.
+:author: Ron Webb
+:since: 1.0.0
+"""
+from importlib.metadata import version, PackageNotFoundError
+__author__ = "Ron Webb"
+__since__ = "1.0.0"
+try:
+    __version__ = version("java-dependency-analyzer")
+except PackageNotFoundError:
+    __version__ = "unknown"

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/cache/vulnerability_cache.py RENAMED Viewed

@@ -81,14 +81,18 @@ class VulnerabilityCache:
         :author: Ron Webb
         :since: 1.0.0
         """
-        cursor = self._conn.execute(_SELECT_SQL, (source, group_id, artifact_id, version))
+        cursor = self._conn.execute(
+            _SELECT_SQL, (source, group_id, artifact_id, version)
+        )
         row = cursor.fetchone()
         if row is None:
             return None
         payload, cached_at = row
         if self._is_expired(cached_at):
             with self._conn:
-                self._conn.execute(_DELETE_SQL, (source, group_id, artifact_id, version))
+                self._conn.execute(
+                    _DELETE_SQL, (source, group_id, artifact_id, version)
+                )
             _logger.debug(
                 "Cache entry expired and deleted for %s/%s:%s@%s",
                 source,

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/parsers/base.py RENAMED Viewed

@@ -21,7 +21,9 @@ __since__ = "1.0.0"
 _logger = setup_logger(__name__)
 # Runtime scopes that contribute to the executable classpath
-RUNTIME_SCOPES = frozenset({"compile", "runtime", "implementation", "api", "runtimeOnly"})
+RUNTIME_SCOPES = frozenset(
+    {"compile", "runtime", "implementation", "api", "runtimeOnly"}
+)
 def attach_node(
@@ -138,9 +140,7 @@ class DepTreeParser(DependencyParser):
         return build_tree_from_lines(lines, self._line_to_entry)
     @abstractmethod
-    def _line_to_entry(
-        self, line: str
-    ) -> tuple[int, bool, Dependency] | None:
+    def _line_to_entry(self, line: str) -> tuple[int, bool, Dependency] | None:
         """
         Convert a single dependency-tree text line into a
         ``(depth, is_leaf, dep)`` tuple, or return *None* to skip the line.

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/parsers/gradle_dep_tree_parser.py RENAMED Viewed

@@ -56,9 +56,7 @@ class GradleDepTreeParser(DepTreeParser):
     # Private helpers
     # ------------------------------------------------------------------
-    def _line_to_entry(
-        self, line: str
-    ) -> tuple[int, bool, Dependency] | None:
+    def _line_to_entry(self, line: str) -> tuple[int, bool, Dependency] | None:
         """
         Convert a single Gradle dep-tree line to a ``(depth, is_leaf, dep)``
         entry, or return *None* to skip the line.

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/parsers/gradle_parser.py RENAMED Viewed

@@ -139,12 +139,13 @@ class GradleParser(DependencyParser):
         :author: Ron Webb
         :since: 1.0.0
         """
         def _replacer(match: re.Match) -> str:
             return props.get(match.group(1), match.group(0))
         return re.sub(r"\$\{(\w+)\}", _replacer, content)
-    def _strip_comments(self, content: str, is_kotlin_dsl: bool) -> str:  # pylint: disable=unused-argument
+    def _strip_comments(self, content: str, _is_kotlin_dsl: bool) -> str:
         """
         Remove single-line (//) and block (/* */) comments from the file content.
@@ -165,7 +166,12 @@ class GradleParser(DependencyParser):
         :since: 1.0.0
         """
         deps: list[Dependency] = []
-        for pattern in (_GROOVY_SHORTHAND, _KOTLIN_SHORTHAND, _GROOVY_BLOCK, _KOTLIN_BLOCK):
+        for pattern in (
+            _GROOVY_SHORTHAND,
+            _KOTLIN_SHORTHAND,
+            _GROOVY_BLOCK,
+            _KOTLIN_BLOCK,
+        ):
             for match in pattern.finditer(content):
                 dep = self._match_to_dependency(match)
                 if dep is not None:
@@ -194,10 +200,14 @@ class GradleParser(DependencyParser):
         # Skip variable references that couldn't be resolved
         if "$" in version:
-            _logger.debug("Skipping %s:%s — unresolved version: %s", group, artifact, version)
+            _logger.debug(
+                "Skipping %s:%s — unresolved version: %s", group, artifact, version
+            )
             return None
-        _logger.debug("Found dependency: %s:%s:%s (scope=%s)", group, artifact, version, scope)
+        _logger.debug(
+            "Found dependency: %s:%s:%s (scope=%s)", group, artifact, version, scope
+        )
         return Dependency(
             group_id=group,
             artifact_id=artifact,

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/parsers/maven_dep_tree_parser.py RENAMED Viewed

@@ -52,9 +52,7 @@ class MavenDepTreeParser(DepTreeParser):
     # Private helpers
     # ------------------------------------------------------------------
-    def _line_to_entry(
-        self, line: str
-    ) -> tuple[int, bool, Dependency] | None:
+    def _line_to_entry(self, line: str) -> tuple[int, bool, Dependency] | None:
         """
         Convert a single Maven dep-tree line to a ``(depth, is_leaf, dep)``
         entry, or return *None* to skip the line.

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/parsers/maven_parser.py RENAMED Viewed

@@ -43,7 +43,9 @@ class MavenParser(DependencyParser):
         """
         _logger.info("Parsing Maven POM: %s", file_path)
         try:
-            tree = etree.parse(file_path)  # nosec B320  # pylint: disable=c-extension-no-member
+            tree = etree.parse(
+                file_path
+            )  # nosec B320  # pylint: disable=c-extension-no-member
         except etree.XMLSyntaxError as exc:  # pylint: disable=c-extension-no-member
             _logger.error("Failed to parse POM XML: %s", exc)
             return []
@@ -88,7 +90,9 @@ class MavenParser(DependencyParser):
         props_el = root.find(self._tag("properties", namespace))
         if props_el is not None:
             for child in props_el:
-                local = etree.QName(child.tag).localname  # pylint: disable=c-extension-no-member
+                local = etree.QName(
+                    child.tag
+                ).localname  # pylint: disable=c-extension-no-member
                 if child.text:
                     props[local] = child.text.strip()
@@ -153,9 +157,12 @@ class MavenParser(DependencyParser):
         :author: Ron Webb
         :since: 1.0.0
         """
         def text(tag: str) -> str:
             child_el = dep_el.find(self._tag(tag, namespace))
-            raw = child_el.text.strip() if child_el is not None and child_el.text else ""
+            raw = (
+                child_el.text.strip() if child_el is not None and child_el.text else ""
+            )
             return self._resolve_value(raw, properties)
         group_id = text("groupId")
@@ -167,7 +174,9 @@ class MavenParser(DependencyParser):
             return None
         if scope not in RUNTIME_SCOPES:
-            _logger.debug("Skipping dependency %s:%s (scope=%s)", group_id, artifact_id, scope)
+            _logger.debug(
+                "Skipping dependency %s:%s (scope=%s)", group_id, artifact_id, scope
+            )
             return None
         if not version:

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/resolvers/transitive.py RENAMED Viewed

@@ -71,7 +71,9 @@ class TransitiveResolver:
             _visited = set()
         if depth >= _MAX_DEPTH:
-            _logger.debug("Max depth %d reached at %s", _MAX_DEPTH, dependency.coordinates)
+            _logger.debug(
+                "Max depth %d reached at %s", _MAX_DEPTH, dependency.coordinates
+            )
             return dependency
         key = dependency.coordinates
@@ -132,8 +134,7 @@ class TransitiveResolver:
         :since: 1.0.0
         """
         return (
-            f"{_MAVEN_CENTRAL}/{dep.maven_path}"
-            f"/{dep.artifact_id}-{dep.version}.pom"
+            f"{_MAVEN_CENTRAL}/{dep.maven_path}" f"/{dep.artifact_id}-{dep.version}.pom"
         )
     def _fetch_pom(self, url: str) -> bytes | None:
@@ -162,7 +163,9 @@ class TransitiveResolver:
         :since: 1.0.0
         """
         try:
-            root = etree.fromstring(pom_content)  # nosec B320  # pylint: disable=c-extension-no-member
+            root = etree.fromstring(
+                pom_content
+            )  # nosec B320  # pylint: disable=c-extension-no-member
         except etree.XMLSyntaxError as exc:  # pylint: disable=c-extension-no-member
             _logger.warning("Could not parse POM for %s: %s", parent.coordinates, exc)
             return []
@@ -171,7 +174,9 @@ class TransitiveResolver:
         ns_prefix = "m:" if root.tag.startswith("{") else ""
         def find(node: etree._Element, tag: str) -> etree._Element | None:
-            return node.find(f"{ns_prefix}{tag}", ns_map) if ns_prefix else node.find(tag)
+            return (
+                node.find(f"{ns_prefix}{tag}", ns_map) if ns_prefix else node.find(tag)
+            )
         def text(node: etree._Element, tag: str) -> str:
             child = find(node, tag)
@@ -213,15 +218,15 @@ class TransitiveResolver:
         """
         props: dict[str, str] = {}
         props_el = (
-            root.find("m:properties", ns_map)
-            if ns_prefix
-            else root.find("properties")
+            root.find("m:properties", ns_map) if ns_prefix else root.find("properties")
         )
         if props_el is not None:
             for child in props_el:
                 if not isinstance(child.tag, str):  # skip comments and PIs
                     continue
-                local = etree.QName(child.tag).localname  # pylint: disable=c-extension-no-member
+                local = etree.QName(
+                    child.tag
+                ).localname  # pylint: disable=c-extension-no-member
                 if child.text:
                     props[local] = child.text.strip()
         return props

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/scanners/base.py RENAMED Viewed

@@ -83,9 +83,7 @@ class VulnerabilityScanner(ABC):
                 payload,
             )
-    def _apply_cache_source(
-        self, data: str, source: str
-    ) -> list[Vulnerability]:
+    def _apply_cache_source(self, data: str, source: str) -> list[Vulnerability]:
         """
         Deserialise *data* (a cached JSON string), parse into ``Vulnerability``
         objects, and mark each with ``source = "<source>-cache"``.

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/java_dependency_analyzer/scanners/ghsa_scanner.py RENAMED Viewed

@@ -97,7 +97,8 @@ class GhsaScanner(VulnerabilityScanner):
             response = self._client.get(_GHSA_API_URL, params=params)
             if response.status_code == 429:
                 _logger.warning(
-                    "GitHub Advisory API rate limit exceeded for %s", dependency.coordinates
+                    "GitHub Advisory API rate limit exceeded for %s",
+                    dependency.coordinates,
                 )
                 return []
             response.raise_for_status()

java_dependency_analyzer-1.0.1/logging.ini ADDED Viewed

@@ -0,0 +1,28 @@
+[loggers]
+keys=root
+[handlers]
+keys=consoleHandler,fileHandler
+[formatters]
+keys=logFormatter,consoleFormatter
+[logger_root]
+level=INFO
+handlers=consoleHandler,fileHandler
+[handler_consoleHandler]
+class=StreamHandler
+formatter=consoleFormatter
+args=(sys.stderr,)
+[handler_fileHandler]
+class=FileHandler
+formatter=logFormatter
+args=('java_dependency_analyzer.log', 'a')
+[formatter_logFormatter]
+format=%(asctime)s [%(levelname)s] %(name)s - %(message)s
+[formatter_consoleFormatter]
+format=%(asctime)s - %(name)s - %(levelname)s - %(message)s

{java_dependency_analyzer-1.0.0 → java_dependency_analyzer-1.0.1}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "java-dependency-analyzer"
-version = "1.0.0"
+version = "1.0.1"
 description = "Java Dependency Analyzer is a tool that inspects dependencies."
 authors = [
     {name = "Ron Webb",email = "ron@ronella.xyz"}
@@ -22,6 +22,7 @@ jda = "java_dependency_analyzer.cli:main"
 [tool.poetry]
 packages = [{include = "java_dependency_analyzer"}]
+include = ["logging.ini"]
 [build-system]
 requires = ["poetry-core>=2.0.0,<3.0.0"]

java_dependency_analyzer-1.0.0/java_dependency_analyzer/__init__.py DELETED Viewed

@@ -1,11 +0,0 @@
-"""
-java_dependency_analyzer package.
-Java Dependency Analyzer is a tool that inspects dependencies.
-:author: Ron Webb
-:since: 1.0.0
-"""
-__author__ = "Ron Webb"
-__since__ = "1.0.0"